New York state’s attorney general sued Citi on Tuesday, accusing it of failing to prevent scammers from stealing unspecified amounts of money from customer accounts, and saying the bank must reimburse fraud victims for any losses.
The lawsuit filed in federal court outlines a variety of ways in which Citi customers were fooled into disclosing sensitive information, allowing hackers to gain access to their accounts and steal millions of dollars. Some cases of what became known as phishing scams involved Citi customers receiving text messages or emails that purported to be from Citi but were actually from criminals.
New York Attorney General, Letitia James, said that Citi should have been suspicious when large transfers were requested from customer accounts that had not seen such activity in decades – and that had their passwords changed only minutes earlier. .
In one example, when a customer called her local City branch with concerns about a phishing message she had clicked on, the bank told her, “Don’t worry about it – it happens all the time.” ” Three days later, more than $40,000 was transferred from her account, the lawsuit says. Citi later rejected her request for reimbursement, saying it was her mistake to click on the scammer’s message.
The lawsuit holds the City liable under the 1978 Electronic Funds Transfer Act.
“There is no excuse for Citi’s failure to protect and prevent the theft of millions of dollars from customer accounts,” said Ms. James, who is seeking the same high office as her first attorney general.
Citi spokeswoman Danielle Romero-Upsilos said the bank is not required to reimburse customers who were victims of fraud. “Citi closely follows all laws and regulations related to wire transfers and works extremely hard to prevent threats affecting our customers and assist them in recovering losses whenever possible,” he said in a statement. Is.”